Categorization of C++ Classes for Static Lifetime Analysis

While C++ is a powerful language, it has many subtle ways to introduce object lifetime-related errors. According to Microsoft, 70% of their security patches are fixing memory issues. Thus, it is crucial to develop safety measures to counteract these problems. Static analysis is an essential approach to detect runtime errors by analyzing the source code without executing it. One of the reasons why is it so easy to make mistakes using C++ is that the language provides a rich taxonomy of object lifetime-related concepts such as containers, values, iterators, raw pointers, lvalue and rvalue references, smart pointers, etc. The behavior of user-defined types depends on their category. Classical static analysis approaches treat user-defined types as black boxes and do not reason about their correctness. In this paper, we argue for an approach that infers the category of user-defined types and leverages this information during analysis. To achieve this goal we first analyze user-defined classes to predict their ownership semantics. Then we use this information to generalize existing static analysis methods. We evaluated the proposed method on large open source projects.